Skip to contentSkip to navigationSkip to topbar
Rate this page:
On this page

Authy Push Authentications


(warning)

Warning

As of November 2022, Twilio no longer provides support for Authy SMS/Voice-only customers. Customers who were also using Authy TOTP or Push prior to March 1, 2023 are still supported. The Authy API is now closed to new customers and will be fully deprecated in the future.

For new development, we encourage you to use the Verify v2 API.

Existing customers will not be impacted at this time until Authy API has reached End of Life. For more information about migration, see Migrating from Authy to Verify for SMS(link takes you to an external page).

Before sending a One-Time Password:

  1. Create an Authy Application ( see Applications documentation )
  2. Create a User ( see Users documentation )

Push authentication offers seamless user experience for second-factor and passwordless authentication and offers the highest level of cryptographic security(link takes you to an external page). All requests are fully encrypted, end to end and allow for non-repudiated transactions.

For users with the ability to install an app on their mobile device or computer, these ApprovalRequests can be sent and verified through our REST API. For information on other channels such as SMS or soft tokens, see the Authy API One-time Passwords documentation.


Create an Approval Request

create-an-approval-request page anchor

This will create a new approval request for the given Authy ID and send it to the end user along with a push notification to the Authy Mobile app(s), Desktop app(s), and any SDK-driven apps. Only the subject of the transaction is sent through Google or Apple push channels. If push notifications fail or delay, the user can still retrieve pending transactions by opening the Authy app or an SDK app manually.


_10
POST https://api.authy.com/onetouch/{FORMAT}/users/{AUTHY_ID}/approval_requests

URL

create-approval-request-url page anchor
NameTypeDescription
FORMATStringThe format to expect back from the REST API call. json, or xml.
AUTHY_IDIntegerThe Authy ID of the user to send a Push Authentication. Create an Authy ID by registering a user.
NameDescription
message StringShown to the user when the push notification arrives. (📇 PII )
details Hash (optional) (Max 20 characters for the Key in the key value pair)Dictionary containing any ApprovalRequest details you'd like to present to the user to assist their decision to approve or deny a transaction. We automatically add a timestamp to transactions. See below for an example on how to use details. (📇 PII )
hidden_details Hash (optional) (Max 20 characters for the Key in the key value pair)Dictionary containing the approval request details hidden to user. This information will be preserved in transaction records but not presented to the user, so it may be useful for your business logic and routing. (📇 PII )
logos Hash (optional)A dictionary containing override logos that will be shown to user in the push authentication transaction details. By default, we send the logos uploaded through the console. (🏢 not PII )
seconds_to_expire Integer (optional)The number of seconds a transaction is valid without user response (pending) before expiring. Defaults to 86400 (one day); 0 will never expire. This should not be set too low as users need time to evaluate a request. (🏢 not PII )
NameDescription
approval_request HashHash containing the keys & values for the ApprovalRequest. (📇 PII )
uuid StringUnique transaction ID of the ApprovalRequest. You'll need the uuid to query the request status or tie future callbacks to this ApprovalRequest. (🏢 not PII )
created_at DatetimeThe date and time that we created the ApprovalRequest. (🏢 not PII )
status StringTracks the current state of the ApprovalRequest between pending a user response, approved, denied, or expired. (🏢 not PII )

Send Push Authentication

send-push-authentication page anchor
Python
C#
Java
PHP
Ruby
curl

_34
# Download the helper library from https://github.com/twilio/authy-python
_34
from authy.api import AuthyApiClient
_34
_34
# Your API key from twilio.com/console/authy/applications
_34
# DANGER! This is insecure. See http://twil.io/secure
_34
authy_api = AuthyApiClient('api_key')
_34
_34
details = {
_34
'username': 'Bill Smith',
_34
'location': 'California, USA',
_34
'Account Number': '981266321'
_34
}
_34
_34
hidden_details = {
_34
'transaction_num': 'TR139872562346'
_34
}
_34
_34
logos = [
_34
dict(res='default', url='https://example.com/logos/default.png'),
_34
dict(res='low', url='https://example.com/logos/low.png')
_34
]
_34
_34
response = authy_api.one_touch.send_request(
_34
authy_id,
_34
"Login requested for a CapTrade Bank account.",
_34
seconds_to_expire=120,
_34
details=details,
_34
hidden_details=hidden_details,
_34
logos=logos)
_34
_34
if response.ok():
_34
print(response.get_uuid())
_34
else:
_34
print(response.errors())

Output

_10
{
_10
"approval_request": {
_10
"uuid": "c31f7620-9726-0135-6e6f-0ad8af7cead6"
_10
},
_10
"success": true
_10
}

This request generates a push notification that looks like this:

Authy push authentication request from Cap Trade bank.

Use a Custom Logo in an Approval Request

use-a-custom-logo-in-an-approval-request page anchor

By default, all the ApprovalRequests created will be shown to the user using the logo defined in your application in the console(link takes you to an external page). However, you can provide a custom image at the time of the request.

The logos parameter is expected to be an array of objects, each object with two fields: res (for resolution) and url (the location where you host your logo). If you include the logos parameter, we expect it to include a res with value default.

Options for the res field are:

defaultfallback logo if logo for device resolution is not provided
lowfor devices with low resolution
medfor devices with medium resolution
highfor devices with high resolution
(information)

Info

All image URLs must be served over HTTPS and not HTTP. Due to mobile platform restrictions, image requests must be over a secure channel.


Check Approval Request Status

check-approval-request-status page anchor

There are two ways for you to check on ApprovalRequest status. You can poll the endpoint below for the status of an ApprovalRequest or you can use a webhook callback. Polling is the quickest way to get started using and testing the endpoint.

In order to implement polling, you can hit the following endpoint repeatedly until the status changes. We suggest polling once per second for the best user experience.


_10
GET https://api.authy.com/onetouch/{FORMAT}/approval_requests/{PUSH_UUID}

NameDescription
FORMAT StringThe format to expect back from the REST API call. json or xml.
PUSH_UUID UUIDThe approval request ID. (Obtained from the response to an ApprovalRequest) (🏢 not PII )
NameDescription
approval_request HashHash containing the status of the approval request and other attributes as you can see in the example below. Possible values of nested status key are pending, expired, approved, or denied. "device" key only included in response when status is approved or denied. (📇 PII )

Check status of push authentication request

check-status-of-push-authentication-request page anchor
Python
C#
Java
PHP
Ruby
curl

_10
# Download the helper library from https://github.com/twilio/authy-python
_10
from authy.api import AuthyApiClient
_10
_10
# Your API key from twilio.com/console/authy/applications
_10
# DANGER! This is insecure. See http://twil.io/secure
_10
authy_api = AuthyApiClient('api_key')
_10
_10
status = authy_api.one_touch.get_approval_status('c31f7620-9726-0135-6e6f-0ad8af7cead6')
_10
_10
print(status.content)

Output

_41
{
_41
"success": true,
_41
"approval_request": {
_41
"status": "approved",
_41
"_user_email": "user@example.com",
_41
"uuid": "c31f7620-9726-0135-6e6f-0ad8af7cead6",
_41
"notified": false,
_41
"hidden_details": {
_41
"transaction_num": "TR139872562346"
_41
},
_41
"created_at": "2019-09-03T23:34:53Z",
_41
"app_id": "5c1234c1234cfd6e8b1234",
_41
"_app_serial_id": 123456,
_41
"updated_at": "2019-09-03T23:37:01Z",
_41
"seconds_to_expire": 120,
_41
"_app_name": "Example Authy Application",
_41
"processed_at": "2019-09-03T23:37:01Z",
_41
"user_id": "59f27bc1234ef64e34a61234",
_41
"_id": "5d6e12344d79f51234b6",
_41
"_authy_id": 123,
_41
"device": {
_41
"city":"San Francisco",
_41
"country":"United States",
_41
"ip":"192.168.92.226",
_41
"region":"California",
_41
"registration_city":"New York",
_41
"registration_country":"United States",
_41
"registration_ip":"127.0.0.4",
_41
"registration_method":"push",
_41
"registration_region":"New York",
_41
"os_type":"ios",
_41
"last_account_recovery_at":null,
_41
"id":2456245,
_41
"registration_date":1506380735,
_41
"last_sync_date":1508436616,
_41
"enabled_unlock_methods": "pin, fingerprint",
_41
"last_unlock_method_used": "pin",
_41
"last_unlock_date": 1540601752
_41
}
_41
}
_41
}

Push Authentication Callbacks

push-authentication-callbacks page anchor

In your final application, we recommend exposing a URL to Twilio and using webhooks. With a webhook, we will call your URL immediately when a user reacts to an ApprovalRequest. Webhooks are a more scalable solution than polling. For redundancy you can implement both webhook callbacks and long-polling.

Learn more about how to validate incoming Twilio Authy API requests and how to implement Authy Webhooks. You can set a callback URL in the Push Authentication tab of your Authy Application in the console(link takes you to an external page).

Authy push authentication callback in console settings.

Rate this page: